Signature Database

["Lancaster, J Jackson Contr SAF/FMPT" <jackson.lancaster () afbudsys disa mil>]

Someone had asked about a repository for Snort signatures.  I found this
on fulldisclosure
 
Snort Signature Database.... Sort of
http://seclists.org/lists/fulldisclosure/2004/Apr/0936.html
 
I, amoung many other people that I know, Are interested in keeping our
snort instalations as relivant as possible. 
The most important single activity in this is to keep the signature base
up to date. I think that the snort.org guys have done a realy wonderful
job of releasing signatures frequently, But I would like to be able to
keep more up to the minute with new exploits than they or any other
group realy can. 


I run regular searches and often see people posting signatures on this
and other lists but.... I thought it would be handy to have a single
"repository" of sorts. So with this in mind I set up phpBB (Yeah I know)
and am opening it up to everyone while I work on a better interface to
put our signatures into I figured that this was easy and searchable. 


I would ask that yourpost titles be relevant to the signature... such as



"Microsoft - SSLv3 sig - new" or 


"Cisco IOS 12.1 buffer overflow attack production" 


This will make it easier down the road, If anyone actualy uses this, and
the signature base grows... I am planning to keep this up no matter how
big it gets. So I am hoping that People will use it and make
suggestions. 


Link: http://www.snort.gitflorida.com/phpBB2/ 


Well, Anyone think this is a workable idea.... I am hoping it will help
us all keep up to date. 


James Ashton 


 

Jackson Lancaster